Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2423
Views
0
Helpful
7
Replies

CUCM LDAP Filter error

Go to solution
Andrei Fokin
Level 1
Level 1

‎06-18-2012 08:06 AM - edited ‎03-16-2019 11:43 AM

Hello, colleague!

I try to implement LDAP filter sync CUCM8.6 an Microsoft AD (Win2003 Server):

(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2)(ipPhone=*))

This filter get all users with nonempty "IP Phone" field.

I check my filter from AD - filter work correctly. When I try to point this filter to CUCM LDAP AD, I get error:

"Error while connecting to LDAP. Invalid filter used."

Can be required to specify OU and DC in my filter???

Please, help!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Aaron Harrison
VIP Alumni
VIP Alumni

‎06-18-2012 10:17 AM

Hi

Try

(&(objectCategory=person)(objectClass=user)(ipPhone=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Aaron Harrison
VIP Alumni
VIP Alumni

‎06-18-2012 10:17 AM

Hi

Try

(&(objectCategory=person)(objectClass=user)(ipPhone=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
0 Helpful

Go to solution
Andrei Fokin
Level 1
Level 1
In response to Aaron Harrison

‎06-18-2012 02:07 PM

Thank you, Aaron! Now filter work properly!

0 Helpful

Go to solution
Aaron Harrison
VIP Alumni
VIP Alumni
In response to Andrei Fokin

‎06-18-2012 02:24 PM

Happy to help :-)

Aaron Harrison

Principal Engineer at Logicalis UK

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
0 Helpful

Go to solution
John Powell
Level 1
Level 1

‎07-18-2012 03:24 PM

Aaron:

I was able to get a filter for the IP Phone filed to work fine on CUCM 8.5.1 and AD 2003.  Any reason you know of why your filter in this post is not working on my production CUCM 8.5.1 and AD 2008 r2? SRND doesn't say it's NOT supported.

John

0 Helpful

Go to solution
Aaron Harrison
VIP Alumni
VIP Alumni
In response to John Powell

‎07-19-2012 01:01 AM

Hi John

Have you checked that the ipPhone fields are populated?

There's no reason it shouldn't work, I've just tested it now...

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
0 Helpful

Go to solution
John Powell
Level 1
Level 1
In response to Aaron Harrison

‎07-19-2012 07:09 AM

The LDAP sync is pulling in all users—with and without IP Phone number populated.  We had about 1000 users in CM prior to the sync and now we have 3000 users after the sync.  A spot check of the users shows that we are not filtering out the users without the IP Phone field populated.  And I did double check to make sure I added the filter to the sync info!  See my screenshots:

0 Helpful

Go to solution
John Powell
Level 1
Level 1
In response to John Powell

‎07-25-2012 02:08 PM

So after further investigation, I found out the the customer is using AD 2008 R2 64-bit.  Not sure if that has anything to do with it, but I finally got the following filter to work properly:

(&(objectclass=user)(&(ipPhone=*))(!(objectclass=Computer))(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))

The difference here versus the original filter format in this thread is the additional "&" in the ipPhone portion of the filter (and the parentheses for the section too).

Hope that is beneficial to someone down the road!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents